4/9/2023

Most reliable archiver for mac

[…] Structural information such as the object graph (which archives […]

The attacker can always impose a denial of service per definition (he could forbid connections to the repository, or delete it entirely).

When the above attack model is extended to include multiple clients independently updating the same repository, then Borg fails to provide confidentiality (i.e. guarantees 3) and 4) do not apply any more).

Borg is fundamentally based on an object graph structure (see Internals), where the root object is called the manifest.

Borg follows the Horton principle, which states that not only the message must be authenticated, but also its meaning (often expressed through context), because every object used is referenced by a parent object through its object ID up to the manifest. The object ID in Borg is a MAC of the object's plaintext, therefore this ensures that an attacker cannot change the context of an object without forging the MAC.

In other words, the object ID itself only authenticates the plaintext of the […] object referring to an object ID, thereby assigning a particular meaning to an object. For example, an archive item contains a list of object IDs that […] On their own it's not clear that these objects would represent what they do, but the archive item, by referring to them in a particular part of its own data structure, assigns this meaning.

This results in a directed acyclic graph of authentication from the manifest […]

Since the manifest has a fixed ID (000…000) the aforementioned authentication does not apply to it, indeed, cannot apply to it; it is impossible to authenticate the root node of a DAG through its edges, since the root node has no incoming edges.

With the scheme as described so far an attacker could easily replace the manifest, therefore Borg includes a tertiary authentication mechanism (TAM) that is applied to the manifest since version 1.0.9 (see Pre-1.0.9 manifest spoofing vulnerability (CVE-2016-10099)).

TAM works by deriving a separate key through HKDF from the other encryption and authentication keys and calculating the HMAC of the metadata to authenticate:

    # RANDOM(n) returns n random bytes
    salt = RANDOM(64)

    ikm = id_key || enc_key || enc_hmac_key

    # *context* depends on the operation, for manifest authentication it is
    # the ASCII string "borg-metadata-authentication-manifest".
    tam_key = HKDF-SHA-512(ikm, salt, context)

    # *data* is a dict-like structure; its hmac field is zeroed while the
    # HMAC is computed and is then filled with the result
    data[hmac] = zeroes
    packed = pack(data)
    data[hmac] = HMAC(tam_key, packed)
    packed_authenticated = pack(data)

Since an attacker cannot gain access to this key and also cannot make the client authenticate arbitrary data using this mechanism, the attacker is unable […]

This effectively 'anchors' the manifest to the key, which is controlled by the client, thereby anchoring the entire DAG, making it impossible for an attacker to add, remove or modify any part of the DAG without Borg being able to detect […]

Note that when using BORG_PASSPHRASE the attacker cannot swap the entire repository against a new repository with e.g. repokey mode and no passphrase, because Borg will abort access when BORG_PASSPHRASE is incorrect.

However, interactively a user might not notice this kind of attack immediately, if she assumes that the reason for the absent passphrase […]
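The TAM derivation and check described above, as an added example that is not Borg's own code: it shows a manifest being sealed and then verified, so that an edited or stripped manifest is rejected. It assumes HMAC-SHA-512 as the HMAC, deterministic JSON in place of the real serializer, and the salt stored beside the tag; `tam_seal`, `tam_verify`, `is_accepted` and the sample keys and manifest are hypothetical names and constructed values.

```python
import hashlib, hmac, json, os

CONTEXT = b"borg-metadata-authentication-manifest"  # context string from the page
ZERO_TAG = "00" * 64  # placeholder held in the hmac field while the tag is computed

def hkdf_sha512(ikm, salt, info, length=64):
    """HKDF (RFC 5869): extract with the salt, then expand with the context."""
    prk = hmac.new(salt, ikm, hashlib.sha512).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha512).digest()
        okm, counter = okm + block, counter + 1
    return okm[:length]

def pack(data):
    # Assumption: deterministic JSON stands in for the repository's real serializer.
    return json.dumps(data, sort_keys=True).encode()

def tam_seal(data, id_key, enc_key, enc_hmac_key):
    salt = os.urandom(64)
    tam_key = hkdf_sha512(id_key + enc_key + enc_hmac_key, salt, CONTEXT)
    # Assumption: the salt travels with the tag so a verifier can re-derive tam_key.
    body = dict(data, salt=salt.hex(), hmac=ZERO_TAG)
    body["hmac"] = hmac.new(tam_key, pack(body), hashlib.sha512).hexdigest()
    return pack(body)

def tam_verify(packed, id_key, enc_key, enc_hmac_key):
    """Return the manifest payload, or raise ValueError if the tag does not verify."""
    try:
        body = json.loads(packed)
        salt, tag = bytes.fromhex(body["salt"]), bytes.fromhex(body["hmac"])
    except (ValueError, KeyError, TypeError):
        raise ValueError("manifest has no usable authentication fields") from None
    tam_key = hkdf_sha512(id_key + enc_key + enc_hmac_key, salt, CONTEXT)
    body["hmac"] = ZERO_TAG
    expected = hmac.new(tam_key, pack(body), hashlib.sha512).digest()
    if not hmac.compare_digest(expected, tag):  # constant-time comparison
        raise ValueError("manifest authentication failed")
    return {k: v for k, v in body.items() if k not in ("salt", "hmac")}

def is_accepted(packed, keys):
    try:
        return tam_verify(packed, *keys) is not None
    except ValueError:
        return False

# Constructed sample keys and manifest, for illustration only.
KEYS = (b"\x01" * 32, b"\x02" * 32, b"\x03" * 32)
MANIFEST = {"version": 1, "archives": {"monday": "ab" * 32}}
```

A client that treats a missing tag as "unauthenticated but acceptable" defeats the check, which is why `tam_verify` raises on absent fields instead of returning the payload.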